Closed Bug 1403931 Opened 7 years ago Closed 14 days ago

[meta] Enable USER_RESTRICTED for content processes

Categories: Core :: Security: Process Sandboxing, enhancement, P2
Platform: All, Windows
Status: RESOLVED FIXED, 134 Branch
Tracking Status: firefox134 --- fixed
People: Reporter: jimm, Assigned: bobowen
References: Blocks 1 open bug
Details: Keywords: meta, Whiteboard: sb+
Attachments: 1 file

USER_RESTRICTED
  • breaks font loading
  • removes networking
  • breaks web audio / webrtc?
  • removes remaining read access (user token)
  • TBD
Priority: -- → P2
Whiteboard: sb+
Depends on: 1570457
Depends on: 1570460
Depends on: 1432303
Depends on: 1571182
Depends on: 1574512
No longer depends on: 1574512
Depends on: 1696387

Note: removing the network access is also important in the context that it removes any excuse to inject into the content process to inspect networking.

Depends on: 1739831
Depends on: 1741223
Severity: normal → S3
Summary: [meta] Enable USER_RESTRICTED for content processes → [meta] Enable USER_LOCKDOWN for content processes
See Also: → 1831036
Summary: [meta] Enable USER_LOCKDOWN for content processes → [meta] Enable USER_RESTRICTED for content processes
Depends on: 1891986
Depends on: 1892051
Depends on: 1892226
Depends on: 1892282
Depends on: 1892399
Depends on: 1900175
Depends on: 1900658
Depends on: 1900662
Depends on: 1900990
Depends on: 1901503
Depends on: 1901514
Depends on: 1901550
Depends on: 1901554
Depends on: 1901555
Depends on: 1912481
Depends on: 1916286

Hey Bob, do we have any timeline for shipping this? are there blockers or other concerns left that need to be addressed or can we start an experiment?

Flags: needinfo?(bobowencode)

(In reply to Christian Holler (:decoder) from comment #2)

Hey Bob, do we have any timeline for shipping this? are there blockers or other concerns left that need to be addressed or can we start an experiment?

No blockers that I know of.
I've just started looking at the experiment documentation (for nimbus I think).
Not clear whether we need extra code or how much work setting up the experiment is, I've barely had any experience of it.

Flags: needinfo?(bobowencode)

I've checked back through the list of things that disqualify win32k lockdown.

  • Safe mode: We don't drop back to USER_LIMITED for this, it is a bit odd to have safe mode make security worse, but it probably makes sense initially. We should probably remove this check for win32k lockdown now.
  • Env var: We already have an env var to disable the sandbox, I don't think we need one specifically for dropping back to USER_LIMITED.
  • No e10s: As far as I can tell this can no longer be disabled in official builds when non-local connections are allowed and only then by env var. Obviously this is only a reason disabled reporting thing either way.
  • Win10 Creators update or later: Not relevant for USER_RESTRICTED.
  • Windows Exploit Protection mitigations: All the ones checked for in the win32k lockdown code don't seem to affect USER_RESTRICTED.
  • Missing webgl oop: We have a check for this, but the win32k lockdown one includes a feature check ... we should probably add this.
  • Missing remote decoders: We have a check for this.

Win32k lockdown also used to have a check for missing webrender and non-native theme, but these were removed because it is not possible to disable either any more.

So, in summary our checks are probably fine, but adding safe mode and webgl oop feature check is probably a good idea.
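The comment above walks through the conditions under which a content process cannot be given the stronger token and has to stay at USER_LIMITED. The following is an added illustration of that decision shape, not Firefox's sandbox code: it models the prerequisite checks as hypothetical boolean inputs, collects every unmet prerequisite rather than stopping at the first, and returns the resulting token level together with the reasons, so that whatever reports "why was the mitigation not applied" sees the full picture. The token level names follow the Chromium sandbox levels the bug discusses; the struct fields, function names and the `honourSafeMode` switch are assumptions made for the example.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Token levels named after the Chromium sandbox levels discussed in the bug.
// `Disabled` models the existing environment variable that turns the sandbox
// off entirely (the comment notes no separate "drop to USER_LIMITED" var is needed).
enum class TokenLevel { Disabled, UserLimited, UserRestricted };

// Hypothetical inputs standing in for the checks listed in the comment above.
struct ContentSandboxPrereqs {
    bool sandboxDisabledByEnv = false;  // existing env var disabling the whole sandbox
    bool safeMode = false;              // comment argues this should no longer weaken security
    bool webglOutOfProcess = false;     // WebGL must be remoted out of the content process
    bool webglOopFeatureOk = false;     // the feature-level check the comment proposes adding
    bool remoteDecoders = false;        // media decoding must be remoted
};

struct LevelDecision {
    TokenLevel level;
    std::vector<std::string> reasons;   // every unmet prerequisite, for disabled-reason reporting
};

// Decide the token level for a content process. `honourSafeMode` selects whether
// safe mode still drops the level (current behaviour per the comment) or not
// (the change the comment suggests). Any unmet prerequisite fails safe to the
// weaker but still functional USER_LIMITED level.
LevelDecision DecideContentTokenLevel(const ContentSandboxPrereqs& p, bool honourSafeMode) {
    LevelDecision d{TokenLevel::UserRestricted, {}};

    if (p.sandboxDisabledByEnv) {
        d.level = TokenLevel::Disabled;
        d.reasons.push_back("sandbox disabled by environment variable");
        return d;  // no token level to choose when there is no sandbox
    }
    if (honourSafeMode && p.safeMode) d.reasons.push_back("safe mode");
    if (!p.webglOutOfProcess)        d.reasons.push_back("WebGL not out of process");
    if (!p.webglOopFeatureOk)        d.reasons.push_back("WebGL OOP feature check failed");
    if (!p.remoteDecoders)           d.reasons.push_back("remote decoders unavailable");

    if (!d.reasons.empty()) d.level = TokenLevel::UserLimited;
    return d;
}

const char* TokenLevelName(TokenLevel l) {
    switch (l) {
        case TokenLevel::Disabled:       return "disabled";
        case TokenLevel::UserLimited:    return "USER_LIMITED";
        case TokenLevel::UserRestricted: return "USER_RESTRICTED";
    }
    return "unknown";
}

int main() {
    // Constructed sample: everything remoted, not in safe mode.
    ContentSandboxPrereqs p;
    p.webglOutOfProcess = true;
    p.webglOopFeatureOk = true;
    p.remoteDecoders = true;
    LevelDecision d = DecideContentTokenLevel(p, /*honourSafeMode=*/true);
    std::printf("level: %s\n", TokenLevelName(d.level));
    for (const std::string& r : d.reasons) std::printf("  reason: %s\n", r.c_str());
    return 0;
}
```

Returning the whole reason list rather than the first failing check is the point worth keeping: when a stronger level quietly falls back, the reporting that follows (and any experiment comparing the two levels) needs to know whether one prerequisite or several were missing.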

Depends on: 1925277
Depends on: 1925280
Depends on: 1925982

(In reply to Bob Owen (:bobowen) from comment #5)

For reference - experiment links:
Experiment Brief document
Nimbus experiment
Experiment QA Jira Ticket
Note, only for Mozilla staff with special access (me not sadly)

Depends on: 1929333
Depends on: 1930468
Depends on: 1930472
Pushed by bobowencode@gmail.com: https://hg.mozilla.org/integration/autoland/rev/0c0b8336537e Enable USER_RESTRICTED on content process sandbox for Release. r=gcp
Status: NEW → RESOLVED
Closed: 14 days ago
Resolution: --- → FIXED
Target Milestone: --- → 134 Branch
